tripleo

mistral playbook action's default verbosity leaks fernet keys in mistral logs

Bug #1714198 reported by Juan Antonio Osorio Robles
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Critical
Juan Antonio Osorio Robles
tripleo pike-rc2

Bug Description

With the deafult verbosity of the playbook action (-vvvvv) the values for the fernet keys get leaked into the mistral logs.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (master)

Fix proposed to branch: master
Review: https://review.openstack.org/499526

Changed in tripleo:
assignee: nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
status: New → In Progress
Emilien Macchi (emilienm)
Changed in tripleo:
importance: Undecided → Critical
milestone: none → pike-rc2
tags: added: security-hardening
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (master)

Reviewed: https://review.openstack.org/499526
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=28cd0e4bf51c4f82d0ab231a02403696bb526e60
Submitter: Jenkins
Branch: master

commit 28cd0e4bf51c4f82d0ab231a02403696bb526e60
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Aug 31 12:07:20 2017 +0300

    Add less verbosity for fernet keys ansible playbook

    The default verbosity ended up logging the values of the fernet keys.
    This is not desirable, so we set the least amount of verbosity to stop
    this.

    Change-Id: I38646729692231f305630fc36ef7591a99daff63
    Closes-Bug: #1714198

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/500070

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (stable/pike)

Reviewed: https://review.openstack.org/500070
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=16d1bcbd9734cf56300aac740c4e58e82100c3f6
Submitter: Jenkins
Branch: stable/pike

commit 16d1bcbd9734cf56300aac740c4e58e82100c3f6
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Aug 31 12:07:20 2017 +0300

    Add less verbosity for fernet keys ansible playbook

    The default verbosity ended up logging the values of the fernet keys.
    This is not desirable, so we set the least amount of verbosity to stop
    this.

    Change-Id: I38646729692231f305630fc36ef7591a99daff63
    Closes-Bug: #1714198
    (cherry picked from commit 28cd0e4bf51c4f82d0ab231a02403696bb526e60)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-common 7.6.0

This issue was fixed in the openstack/tripleo-common 7.6.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-common 8.0.0

This issue was fixed in the openstack/tripleo-common 8.0.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.